win32.2urface.bho [Archive] - Safer-Networking Forums

Widdy1961

2014-04-07, 18:45

Hi

Recently noticed that clicking on links in Chrome/FireFox was taking me to alternative websites (some which were flagged by WOT), I ran SpyBot and it found win32.2urface.bho, which I removed using SpyBot.

Unfortunately the symptoms still persist, even though SpyBot says I am clean..........

I have backed up my registry with ERUNT and disabled Tea Timer in Spybot.........below are the logs as requested in the "Read before posting" Forum and the attachement log.

Thanks
Stu

DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by Stuart at 16:17:56 on 2014-04-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6092.3115 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Firetrust\MailWasher Free\MailWasher.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=591D849C58F20CA71C98A851CB23F609
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
uRun: [Google Update] "C:\Users\Stuart\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{20EDF729-9408-4FFA-BEEF-450991965560} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{20EDF729-9408-4FFA-BEEF-450991965560}\348627F6D6563616374793139393 : DHCPNameServer = 192.168.255.249
TCP: Interfaces\{20EDF729-9408-4FFA-BEEF-450991965560}\779646469713936313 : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\sw30e4~1.boo
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\m5pl1sof.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\Users\Stuart\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Users\Stuart\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Stuart\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Stuart\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: 2014-04-01 00:36; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2014-04-05 18:26; {0FAA5C82-A094-4541-8811-D3361F972A81}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2014-04-06 20:31; aeslgsl_u@edlqfooiju.org; C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\m5pl1sof.default\extensions\aeslgsl_u@edlqfooiju.org
FF - ExtSQL: 2014-04-06 20:31; 0sxak_3b@vdp-atfbbw.org; C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\m5pl1sof.default\extensions\0sxak_3b@vdp-atfbbw.org
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-4-1 445304]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-1 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-1 208928]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-26 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-4-1 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-1 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-4-1 423240]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-2-2 49952]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-1 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-1 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-4-1 109048]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2012-12-17 8865320]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-19 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-5-13 270624]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-12 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-12 2425960]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-3-15 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-4-5 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-3-20 23552]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-4-6 1153368]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-12 2656280]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [2014-3-30 1771032]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-1 84816]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-4-5 317440]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-12-12 2431792]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-12 565352]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-4-24 33008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-6-27 39504]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-13 111616]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-12 339048]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-16 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-04-07 14:54:34 -------- d-----w- C:\Users\Stuart\AppData\Local\{0302D480-A480-463A-B2FE-214F1A0E11D2}
2014-04-07 14:49:48 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D21D84A6-74AA-49F4-B64B-0CC40803532E}\offreg.dll
2014-04-06 21:27:21 -------- d-----w- C:\Users\Stuart\AppData\Local\Skype
2014-04-06 20:39:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-04-06 20:39:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2014-04-06 20:19:28 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{670B091E-66A5-4167-9D2C-6F8A710DF2E1}\gapaengine.dll
2014-04-06 20:19:09 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D21D84A6-74AA-49F4-B64B-0CC40803532E}\mpengine.dll
2014-04-06 19:32:50 -------- d-----w- C:\Users\Stuart\AppData\Local\Macromedia
2014-04-06 19:31:11 -------- d-----w- C:\Users\Stuart\AppData\Local\Mozilla
2014-04-06 19:27:37 -------- d-----w- C:\Users\Stuart\AppData\Roaming\Serif
2014-04-06 18:59:44 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2014-04-06 18:59:11 -------- d-----w- C:\Program Files (x86)\Serif
2014-04-06 15:12:39 -------- d-----w- C:\Users\Stuart\AppData\Local\{749C1E51-99A3-4D3C-82EA-EE866B7D8115}
2014-04-06 00:49:28 -------- d-----w- C:\Program Files (x86)\Belarc
2014-04-05 22:21:34 -------- d-----w- C:\Cumulus
2014-04-05 21:35:08 -------- d-----w- C:\ProgramData\GreenApp
2014-04-05 21:33:59 4296192 ----a-w- C:\Program Files (x86)\SW.Booster
2014-04-05 21:33:59 4210176 ----a-w- C:\Program Files (x86)\SW_x64.Booster
2014-04-05 21:33:34 -------- d-----w- C:\ProgramData\YoutubeAdblocker
2014-04-05 21:33:34 -------- d-----w- C:\Program Files (x86)\YoutubeAdblocker
2014-04-05 21:33:20 -------- d-----w- C:\ProgramData\safeweb
2014-04-05 21:33:20 -------- d-----w- C:\Program Files (x86)\safeweb
2014-04-05 21:33:01 -------- d-----w- C:\Users\Stuart\AppData\Local\Torch
2014-04-05 21:33:01 -------- d-----w- C:\ProgramData\653a2c020659554d
2014-04-05 21:33:00 -------- d-----w- C:\Users\Stuart\AppData\Local\Comodo
2014-04-05 21:31:38 -------- d-----w- C:\ProgramData\InstallMate
2014-04-05 19:17:49 -------- d-----w- C:\Users\Stuart\AppData\Local\{EA4D64B9-22EB-4A71-9BAF-6C8BCA46F545}
2014-04-05 17:27:01 -------- d-----w- C:\Users\Stuart\AppData\Roaming\RealNetworks
2014-04-05 17:26:21 -------- d-----w- C:\ProgramData\RealNetworks
2014-04-05 17:26:21 -------- d-----w- C:\Program Files (x86)\RealNetworks
2014-04-05 17:26:03 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2014-04-05 17:25:15 505416 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-04-05 15:10:29 -------- d-----w- C:\Users\Stuart\AppData\Local\Programs
2014-04-04 19:39:16 -------- d-----w- C:\Users\Stuart\AppData\Local\Hewlett-Packard
2014-04-04 15:07:01 -------- d-----w- C:\Users\Stuart\AppData\Local\{ED6DA364-9723-4CAC-ADCB-0F7C1CBA5FFB}
2014-04-03 18:19:08 -------- d-----w- C:\Users\Stuart\AppData\Local\Apple
2014-04-03 18:13:26 -------- d-----w- C:\Users\Stuart\AppData\Local\{C46101DE-011B-41D0-BD77-BC9117FA8836}
2014-04-02 15:35:58 -------- d-----w- C:\Users\Stuart\AppData\Local\{8CE44477-C6DA-44B8-9598-0E370088235F}
2014-04-01 17:42:32 -------- d-----w- C:\Users\Stuart\AppData\Local\Adobe
2014-04-01 17:29:22 -------- d-----w- C:\Users\Stuart\AppData\Roaming\Netgear Live Parental Controls
2014-04-01 17:29:15 -------- d-----w- C:\Program Files (x86)\NETGEAR Live Parental Controls Management Utility
2014-04-01 17:07:21 -------- d-----w- C:\Program Files (x86)\Xirrus
2014-04-01 17:05:57 -------- d-----w- C:\Users\Stuart\AppData\Roaming\Xirrus
2014-04-01 15:47:44 -------- d-----w- C:\Users\Stuart\AppData\Local\Opera
2014-04-01 15:18:56 -------- d-----w- C:\Users\Stuart\AppData\Local\{C11071E7-DDEC-4ECD-BF6A-CC602BC126F9}
2014-03-31 23:36:38 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-03-31 23:36:20 445304 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-03-31 23:32:37 -------- d-----w- C:\Users\Stuart\AppData\Roaming\AVAST Software
2014-03-31 23:31:56 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-03-31 23:31:56 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-03-31 23:31:56 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-31 23:31:56 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-03-31 23:31:56 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-03-31 23:31:56 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-03-31 23:31:51 43152 ----a-w- C:\Windows\avastSS.scr
2014-03-31 23:31:12 -------- d-----w- C:\Program Files\AVAST Software
2014-03-31 23:29:47 -------- d-----w- C:\ProgramData\AVAST Software
2014-03-31 23:17:54 -------- d-----w- C:\Users\Stuart\AppData\Local\MFAData
2014-03-31 22:57:07 -------- d-----w- C:\Users\Stuart\AppData\Local\PC_Drivers_Headquarters
2014-03-31 22:56:05 -------- d-----w- C:\Users\Stuart\AppData\Local\VirtualStore
2014-03-31 16:16:26 -------- d-----w- C:\Users\Stuart\AppData\Local\Windows Live Writer
2014-03-31 13:25:32 -------- d-----w- C:\Users\Stuart\AppData\Roaming\QuickScan
2014-03-31 12:00:50 3737 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{ECFD6C75-A300-1DC3-785B-A7B5CEA603C3}-setup.vbs
2014-03-30 14:14:43 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-30 14:05:21 -------- d-----w- C:\ProgramData\VTech
2014-03-30 14:05:21 -------- d-----w- C:\Program Files (x86)\VTech
2014-03-30 13:57:19 -------- d-----w- C:\ProgramData\AVG Secure Search
2014-03-12 23:28:24 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 23:28:24 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 23:28:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 23:28:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-12 20:21:07 -------- d-----w- C:\Users\Stuart\AppData\Roaming\Intel Corporation
2014-03-12 20:16:00 -------- d-----w- C:\Program Files\HP USB Docking Video
2014-03-12 20:15:03 -------- d-----w- C:\Program Files\DisplayLink Core Software
2014-03-12 20:08:15 568600 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2014-03-12 20:06:17 -------- d-----w- C:\Program Files\ATI Technologies
2014-03-12 20:06:12 -------- d-----w- C:\Program Files\ATI
2014-03-12 20:04:34 -------- d-----w- C:\AMD
2014-03-11 22:18:23 655360 ------w- C:\Windows\System32\stapi64.dll
2014-03-11 22:11:38 536064 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2014-03-11 22:11:38 448512 ----a-w- C:\Windows\System32\stcplx64.dll
2014-03-11 22:11:37 1977856 ----a-w- C:\Windows\System32\stapo64.dll
2014-03-11 22:11:19 -------- d-----w- C:\Program Files\IDT
2014-03-11 20:41:32 -------- d-----w- C:\ProgramData\UAB
2014-03-11 20:41:18 -------- d-----w- C:\ProgramData\PC Drivers HeadQuarters
2014-03-11 20:40:57 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters
2014-03-08 19:03:13 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
.
==================== Find3M ====================
.
2014-03-30 13:55:35 49952 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-03-12 20:14:55 0 ----a-w- C:\Windows\SysWow64\dlumdfb9.dll
2014-03-12 20:14:55 0 ----a-w- C:\Windows\SysWow64\dlumdfb11.dll
2014-03-12 20:14:55 0 ----a-w- C:\Windows\SysWow64\dlumdfb10.dll
2014-03-12 20:14:55 0 ----a-w- C:\Windows\SysWow64\dlumd9.dll
2014-03-12 20:14:55 0 ----a-w- C:\Windows\SysWow64\dlumd11.dll
2014-03-12 20:14:55 0 ----a-w- C:\Windows\SysWow64\dlumd10.dll
2014-03-12 20:14:55 0 ----a-w- C:\Windows\System32\dlumdfb9.dll
2014-03-12 20:14:55 0 ----a-w- C:\Windows\System32\dlumdfb11.dll
2014-03-12 20:14:55 0 ----a-w- C:\Windows\System32\dlumdfb10.dll
2014-03-12 20:14:55 0 ----a-w- C:\Windows\System32\dlumd9.dll
2014-03-12 20:14:55 0 ----a-w- C:\Windows\System32\dlumd11.dll
2014-03-12 20:14:55 0 ----a-w- C:\Windows\System32\dlumd10.dll
2014-03-11 19:04:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 19:04:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-11 08:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-25 00:19:42 268512 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:18:46.47 ===============

aswMBR Log

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-07 16:23:44
-----------------------------
16:23:44.424 OS Version: Windows x64 6.1.7601 Service Pack 1
16:23:44.424 Number of processors: 4 586 0x2A07
16:23:44.425 ComputerName: STUART-HP UserName: Stuart
16:23:46.143 Initialize success
16:23:49.051 AVAST engine defs: 14040700
16:24:02.648 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:24:02.653 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
16:24:02.761 Disk 0 MBR read successfully
16:24:02.769 Disk 0 MBR scan
16:24:02.777 Disk 0 Windows 7 default MBR code
16:24:02.792 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
16:24:02.804 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 452371 MB offset 409600
16:24:02.833 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20305 MB offset 926865408
16:24:02.857 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 968450048
16:24:02.995 Disk 0 scanning C:\Windows\system32\drivers
16:24:12.031 Service scanning
16:24:38.616 Modules scanning
16:24:38.636 Disk 0 trace - called modules:
16:24:38.672 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:24:38.680 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008ada060]
16:24:38.688 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80061ed050]
16:24:39.478 AVAST engine scan C:\Windows
16:24:41.722 AVAST engine scan C:\Windows\system32
16:27:24.317 AVAST engine scan C:\Windows\system32\drivers
16:27:35.950 AVAST engine scan C:\Users\Stuart
16:28:11.149 Disk 0 MBR has been saved successfully to "C:\Users\Stuart\Desktop\MBR.dat"
16:28:11.205 The log file has been saved successfully to "C:\Users\Stuart\Desktop\aswMBR.txt"

ken545

2014-04-09, 18:19

:snwelcome:

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Widdy1961

2014-04-09, 21:37

Hi Ken

Since my first post, my daughter has run some other cleaners (although I told her not to) and my problem seems to have cleared...but....I have followed your instructions, just to check they have gone.

If you need the DDS logfile after she messed with the PC, I have that and can post it.

Cheers

# AdwCleaner v3.023 - Report created 09/04/2014 at 19:11:59
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Stuart - STUART-HP
# Running from : C:\Users\Stuart\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\m5pl1sof.default\prefs.js ]

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9097 octets] - [08/04/2014 11:56:24]
AdwCleaner[R1].txt - [1144 octets] - [09/04/2014 19:10:45]
AdwCleaner[S0].txt - [8194 octets] - [08/04/2014 11:58:22]
AdwCleaner[S1].txt - [1068 octets] - [09/04/2014 19:11:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1128 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Stuart on 09/04/2014 at 19:18:18.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1422417421-3215548618-2191395246-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15C50F97-4A8B-4F1F-AC2B-E722AF998315}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{15C50F97-4A8B-4F1F-AC2B-E722AF998315}

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Stuart\appdata\local\{0302D480-A480-463A-B2FE-214F1A0E11D2}
Successfully deleted: [Empty Folder] C:\Users\Stuart\appdata\local\{2F1A587B-2426-499F-A862-523A5905FB75}
Successfully deleted: [Empty Folder] C:\Users\Stuart\appdata\local\{749C1E51-99A3-4D3C-82EA-EE866B7D8115}
Successfully deleted: [Empty Folder] C:\Users\Stuart\appdata\local\{8CE44477-C6DA-44B8-9598-0E370088235F}
Successfully deleted: [Empty Folder] C:\Users\Stuart\appdata\local\{94A7D40B-C790-435F-82A8-B0F5E0339B9D}
Successfully deleted: [Empty Folder] C:\Users\Stuart\appdata\local\{C11071E7-DDEC-4ECD-BF6A-CC602BC126F9}
Successfully deleted: [Empty Folder] C:\Users\Stuart\appdata\local\{C46101DE-011B-41D0-BD77-BC9117FA8836}
Successfully deleted: [Empty Folder] C:\Users\Stuart\appdata\local\{EA4D64B9-22EB-4A71-9BAF-6C8BCA46F545}
Successfully deleted: [Empty Folder] C:\Users\Stuart\appdata\local\{ED6DA364-9723-4CAC-ADCB-0F7C1CBA5FFB}

~~~ FireFox

Successfully deleted the following from C:\Users\Stuart\AppData\Roaming\mozilla\firefox\profiles\m5pl1sof.default\prefs.js

user_pref("extensions.Puu_y7KIi.url", "hxxp://jpi-syncs.info/sync2/?q=hfZ9ofV9CShEAen0rHC6tMqLDe49CNU0m9sMCMlNhd9Fqda9rdkGrjrHrTwMBzqUojw9rdnEqTw4rHwErSh7hfs0pihPBMn0rTsFrdw6r
Emptied folder: C:\Users\Stuart\AppData\Roaming\mozilla\firefox\profiles\m5pl1sof.default\minidumps [8 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/04/2014 at 19:27:25.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ken545

2014-04-09, 22:29

Thats fine, some of this garbage can make you pull the rest of your hair out

We have a saying around these forums that is true, the absence of symptoms does not guarantee a clean computer, so its your call but I would like to run a couple of other scans to make sure everything is ok

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Post the log from Malwarebytes and then run this quick scanner and lets check for any leftovers

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Widdy1961

2014-04-09, 23:05

OK Ken

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/04/2014
Scan Time: 21:02:08
Logfile: Malwarebytes log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.09.08
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Stuart

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290080
Time Elapsed: 13 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Widdy1961

2014-04-09, 23:21

OTL logfile created on: 09/04/2014 21:08:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stuart\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 3.41 Gb Available Physical Memory | 57.27% Memory free
11.90 Gb Paging File | 8.91 Gb Available in Paging File | 74.89% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.77 Gb Total Space | 354.11 Gb Free Space | 80.16% Space Free | Partition Type: NTFS
Drive D: | 19.83 Gb Total Space | 2.12 Gb Free Space | 10.67% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.06 Gb Free Space | 26.84% Space Free | Partition Type: FAT32

Computer Name: STUART-HP | User Name: Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Stuart\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe ()
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)

========== Modules (No Company Name) ==========

MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\_ssl.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\wx._windows_.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\wx._gdi_.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\_hashlib.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\PyWinTypes27.dll ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\wx._html2.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\_multiprocessing.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\win32pipe.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\wx._controls_.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\unicodedata.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\pyexpat.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\_ctypes.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\win32inet.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\win32process.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\win32pdh.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\win32event.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\select.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\win32security.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\win32profile.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\windows._lib_cacheinvalidation.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\win32file.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\_elementtree.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\win32api.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\_socket.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\wx._core_.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\wx._misc_.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\pythoncom27.dll ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\win32com.shell.shell.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\wx._wizard.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\win32ts.pyd ()
MOD - C:\Users\Stuart\AppData\Local\Temp\_MEI47042\win32crypt.pyd ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\55da6ea9407e647930ccfa94f1d02567\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33f1f62a80540af6dba6af268692c041\IAStorCommon.ni.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Steam\libavresample-1.dll ()
MOD - C:\Program Files (x86)\Steam\libavutil-52.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()

========== Services (SafeList) ==========

SRV:[b]64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealPlayer Cloud Service) -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
SRV - (RealPlayerUpdateSvc) -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe ()
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswNdisFlt) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (ThreatTrack Security)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{15C50F97-4A8B-4F1F-AC2B-E722AF998315}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcsnap
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\..\SearchScopes\{EA29A220-4B9C-419D-AE62-F2694DAB6C16}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.2.1072
FF - prefs.js..extensions.enabledAddons: %7B8850f748-e69b-42ff-a449-7ad3cf153bcc%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7B8eaa2500-4118-4c33-9927-988702ba63bd%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7Bf80bc79c-ab5e-418a-a0be-3d9e66b4e976%7D:5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.8.22: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.8.22: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Stuart\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Stuart\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stuart\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stuart\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Stuart\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/01 00:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0FAA5C82-A094-4541-8811-D3361F972A81}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/04/05 18:26:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/05/31 18:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Extensions
[2014/04/08 11:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\m5pl1sof.default\extensions
[2014/03/31 11:59:48 | 000,184,519 | ---- | M] () (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\m5pl1sof.default\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
[2013/07/22 16:32:51 | 000,223,750 | ---- | M] () (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\m5pl1sof.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2014/03/31 12:00:00 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\m5pl1sof.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/04/06 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/04/06 20:34:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/04/06 20:34:37 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2014/04/06 20:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/06 20:34:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/04/06 20:34:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\STUART\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M5PL1SOF.DEFAULT\EXTENSIONS\{8850F748-E69B-42FF-A449-7AD3CF153BCC}
File not found (No name found) -- C:\USERS\STUART\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M5PL1SOF.DEFAULT\EXTENSIONS\{8EAA2500-4118-4C33-9927-988702BA63BD}
File not found (No name found) -- C:\USERS\STUART\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M5PL1SOF.DEFAULT\EXTENSIONS\{F80BC79C-AB5E-418A-A0BE-3D9E66B4E976}
File not found (No name found) -- C:\USERS\STUART\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M5PL1SOF.DEFAULT\EXTENSIONS\DONOTTRACKPLUS@ABINE.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Error reading preferences file
CHR - Extension: Entanglement Web App = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Shredder Chess Free = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelpbbhpcpelmnfablcbcianelefnnbg\1.0.1_0\
CHR - Extension: My World = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aemeppengemohiobmmjhfddbhcgkomhm\2.0.0.2_0\
CHR - Extension: Angry Birds = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Docs = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.14_0\
CHR - Extension: Snooker = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjohiacoelemalmancnccjggomjnkfod\1.0.2_0\
CHR - Extension: YouTube = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Solitaire = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.4.5_0\
CHR - Extension: Google Cast = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.305.0.0_0\
CHR - Extension: Freecell Solitaire = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabpjbpfakfhcfidnjahmdophhihafkh\1.0.0.3_0\
CHR - Extension: Pool = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb\1.0.4_0\
CHR - Extension: Adblock Plus = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\3.0.3_0\
CHR - Extension: Striker Manager = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmachfiimeggafocgeldapnchdnoiib\5_0\
CHR - Extension: A View From My Seat = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinfpjejffcomoiociopmifpfgckbdgc\10_0\
CHR - Extension: Google Search = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: WGT Golf Challenge = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\45.0.0_0\
CHR - Extension: Kingdoms Of Camelot = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkadejngfdiifodimfhejphllfecigmm\1.1_0\
CHR - Extension: Clock for Google Chromeâ„¢ = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\2.1.2.2_0\
CHR - Extension: PanicButton = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: PicMonkey = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\
CHR - Extension: Full Screen Weather = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Ripples = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfnjgbmalioedafbpahlobnkgbjkllod\1.2.1_0\
CHR - Extension: Planetarium = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0\
CHR - Extension: AdBlock = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.26_0\
CHR - Extension: Yesware Email Tracking = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp\2.0.146_0\
CHR - Extension: avast! Online Security = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
CHR - Extension: Sniper Team = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec\1.0.2_0\
CHR - Extension: Creatures & Castles = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd\2.0_0\
CHR - Extension: WarLight = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiikfoplnkjhoiafgmcobenlfnbphbee\1.0_0\
CHR - Extension: Don't Starve = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: Illyriad = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfbcdoedgikkjokbgejbgkgijnoaanb\1.5.1_0\
CHR - Extension: Free Texas Holdem Poker = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpefcbpnjnanfacddfaaommfheilhkdb\1.0.0.2_0\
CHR - Extension: Isoball 3 = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.4.0_0\
CHR - Extension: Crackle = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: Pool Mania = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\icojacdaddlajldkicfacgcjncbkieen\4.3_0\
CHR - Extension: RealPlayer Downloader = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.8_0\
CHR - Extension: World of Solitaire = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: The West = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkgeioneoemibpddeiamfgiofnpjifm\1.5_0\
CHR - Extension: theHunter = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jangaedeekciafhlanphhnalogmhefmo\10_0\
CHR - Extension: Google +1 Button = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.3.0.325_0\
CHR - Extension: Gem of a Kind = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkpdnogahpolnfpmnofheendeponbmla\1.0_0\
CHR - Extension: Cargo Bridge = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Soccer Manager = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpemkngoajegcbamebdmnkjoalpofpbj\1.1.6.2_0\
CHR - Extension: Free Kick = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfnhkningpdichadhkccomfjgkbgkknm\1_0\
CHR - Extension: InvisibleHand = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.43_0\
CHR - Extension: Web Snooker = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkhlbbldfajifjiibkpjfdemgpnnhfgj\1_0\
CHR - Extension: Google Maps = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Shortcut Manager = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjjeipcdnnjhgodgjpfkffcejoljijf\0.7.9_0\
CHR - Extension: Google Mail Checker = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: deviantART muro = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei\1.0_0\
CHR - Extension: Mahjong Solitaire = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
CHR - Extension: Curling = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhalnajmigjnpjpdbpkpgfhekbjmolhp\1.0.10_0\
CHR - Extension: Google Wallet = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: 3D Bowling = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nplopmdcejhiffghkpnancmgmnfgddpn\1.0.5_0\
CHR - Extension: Picasa = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Downhill Jam = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjegjjfdamcmjikplaghiloojkpmdfm\2.3.1_0\
CHR - Extension: Falling Sand Game = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdknckljjbdpkhgmcokoahffbdinafbo\1.3_0\
CHR - Extension: Psykopaint = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Gmail = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Canvas Rider = C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.71_0\

O1 HOSTS File: ([2014/04/08 14:57:23 | 000,450,770 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15469 more lines...
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1422417421-3215548618-2191395246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20EDF729-9408-4FFA-BEEF-450991965560}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1df1257a-c54e-11e2-819e-ec9a7454be6e}\Shell - "" = AutoRun
O33 - MountPoints2\{1df1257a-c54e-11e2-819e-ec9a7454be6e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{82875927-6b0a-11e3-9a1f-ec9a7454be6e}\Shell - "" = AutoRun
O33 - MountPoints2\{82875927-6b0a-11e3-9a1f-ec9a7454be6e}\Shell\AutoRun\command - "" = G:\SetupWi-Fi.exe
O33 - MountPoints2\{9251c0c8-b812-11e3-994d-ec9a7454be6e}\Shell - "" = AutoRun
O33 - MountPoints2\{9251c0c8-b812-11e3-994d-ec9a7454be6e}\Shell\AutoRun\command - "" = G:\InnoTabSetup.exe
O33 - MountPoints2\{e55d972d-be3b-11e2-a2c7-ec9a7454be6e}\Shell - "" = AutoRun
O33 - MountPoints2\{e55d972d-be3b-11e2-a2c7-ec9a7454be6e}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Widdy1961

2014-04-09, 23:23

========== Files/Folders - Created Within 30 Days ==========

[2014/04/09 20:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/09 20:47:10 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/09 20:47:10 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/09 20:47:10 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/09 20:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/09 20:46:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stuart\Desktop\OTL.exe
[2014/04/09 18:56:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/09 18:09:54 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/09 18:09:54 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/09 18:09:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/09 18:09:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/09 18:09:52 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/09 18:09:51 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/09 18:09:51 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/09 18:09:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/09 18:09:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/09 18:09:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/09 18:09:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/09 18:09:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/09 18:09:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/09 18:09:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/08 17:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2100 series
[2014/04/08 17:13:44 | 000,385,024 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAQ.DLL
[2014/04/08 15:15:19 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Stuart\Desktop\dds.scr
[2014/04/08 14:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/04/08 14:53:22 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/04/08 14:41:54 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\CrashDumps
[2014/04/08 13:06:28 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/04/08 12:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/04/08 12:36:10 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/08 12:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/08 11:56:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/07 20:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/04/07 20:15:14 | 040,658,208 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\Stuart\Desktop\spybot-2.2.exe
[2014/04/07 18:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/04/07 16:13:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/04/07 16:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/04/07 16:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/04/06 22:27:21 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Skype
[2014/04/06 21:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/04/06 21:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2014/04/06 20:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/06 20:32:50 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Macromedia
[2014/04/06 20:31:11 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Mozilla
[2014/04/06 20:27:37 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Serif
[2014/04/06 19:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2014/04/06 19:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
[2014/04/06 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serif
[2014/04/06 15:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/04/06 15:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2014/04/06 01:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2014/04/05 23:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cumulus
[2014/04/05 23:21:34 | 000,000,000 | ---D | C] -- C:\Cumulus
[2014/04/05 22:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\GreenApp
[2014/04/05 22:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\safeweb
[2014/04/05 22:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\safeweb
[2014/04/05 22:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\653a2c020659554d
[2014/04/05 22:33:00 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Comodo
[2014/04/05 22:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/04/05 18:27:01 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\RealNetworks
[2014/04/05 18:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/04/05 18:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014/04/05 18:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014/04/05 18:25:51 | 000,201,800 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2014/04/05 18:25:29 | 000,278,600 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014/04/05 18:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2014/04/05 18:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2014/04/05 18:24:40 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Real
[2014/04/05 18:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/04/05 16:10:33 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
[2014/04/05 16:10:29 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Programs
[2014/04/04 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Hewlett-Packard
[2014/04/03 19:19:08 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Apple
[2014/04/01 18:42:32 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Adobe
[2014/04/01 18:29:22 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Netgear Live Parental Controls
[2014/04/01 18:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Live Parental Controls
[2014/04/01 18:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR Live Parental Controls Management Utility
[2014/04/01 18:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2014/04/01 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xirrus
[2014/04/01 18:05:57 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Xirrus
[2014/04/01 16:47:44 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Opera
[2014/04/01 00:36:38 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/04/01 00:36:20 | 000,445,304 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/04/01 00:32:37 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\AVAST Software
[2014/04/01 00:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/04/01 00:31:56 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/01 00:31:56 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/01 00:31:56 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/01 00:31:56 | 000,084,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/01 00:31:56 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/01 00:31:55 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/01 00:31:51 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/01 00:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/04/01 00:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/04/01 00:17:54 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\MFAData
[2014/03/31 23:57:07 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\PC_Drivers_Headquarters
[2014/03/31 23:56:05 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\VirtualStore
[2014/03/31 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Windows Live Writer
[2014/03/31 14:25:32 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\QuickScan
[2014/03/31 12:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/03/30 15:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTech
[2014/03/30 15:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VTech
[2014/03/30 15:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VTech
[2014/03/13 00:30:47 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/13 00:30:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/13 00:30:44 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/13 00:30:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/13 00:30:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/13 00:30:41 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/13 00:30:41 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/13 00:30:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/13 00:30:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/13 00:30:40 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/13 00:30:40 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/13 00:30:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/13 00:30:39 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/13 00:30:38 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/13 00:30:38 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/13 00:30:38 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/13 00:30:37 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/13 00:30:37 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/13 00:30:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/13 00:30:36 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/13 00:30:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/13 00:30:35 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/13 00:30:35 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/13 00:30:35 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/13 00:30:34 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/13 00:30:34 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/13 00:28:24 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/13 00:28:24 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/13 00:28:22 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/03/12 23:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/12 23:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/12 21:21:07 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Intel Corporation
[2014/03/12 21:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\HP USB Docking Video
[2014/03/12 21:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\DisplayLink Core Software
[2014/03/12 21:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Port Replicator Software Installer
[2014/03/12 21:08:15 | 000,568,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2014/03/12 21:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/03/12 21:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2014/03/12 21:04:34 | 000,000,000 | ---D | C] -- C:\AMD
[2014/03/11 23:18:23 | 000,655,360 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2014/03/11 23:11:38 | 000,536,064 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2014/03/11 23:11:38 | 000,448,512 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2014/03/11 23:11:37 | 001,977,856 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2014/03/11 23:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2014/03/11 21:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/03/11 21:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2014/03/11 21:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2014/03/11 21:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2011/09/28 16:18:32 | 000,020,944 | ---- | C] (Intel Corporation) -- C:\Users\Stuart\AppData\Roaming\JomCap.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\
[2014/04/09 21:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/09 21:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/09 20:47:39 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/09 20:47:19 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/09 20:46:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stuart\Desktop\OTL.exe
[2014/04/09 20:28:09 | 000,002,243 | ---- | M] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/09 20:28:09 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/09 20:15:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1422417421-3215548618-2191395246-1000UA.job
[2014/04/09 19:21:22 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/09 19:21:22 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/09 19:13:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/09 19:13:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/09 19:13:04 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/08 20:39:02 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForStuart.job
[2014/04/08 17:24:12 | 000,004,249 | ---- | M] () -- C:\Users\Stuart\Desktop\attach.zip
[2014/04/08 16:15:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1422417421-3215548618-2191395246-1000Core.job
[2014/04/08 15:15:25 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Stuart\Desktop\dds.scr
[2014/04/08 15:00:51 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/08 14:57:23 | 000,450,770 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/08 14:53:29 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/04/08 14:45:46 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/08 13:06:28 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/04/08 13:06:28 | 000,000,766 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/04/08 11:53:51 | 001,426,178 | ---- | M] () -- C:\Users\Stuart\Desktop\AdwCleaner.exe
[2014/04/07 20:15:44 | 040,658,208 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\Stuart\Desktop\spybot-2.2.exe
[2014/04/07 18:12:05 | 000,001,736 | ---- | M] () -- C:\Users\Stuart\Desktop\license.avastlic
[2014/04/07 16:11:54 | 000,000,888 | ---- | M] () -- C:\Users\Stuart\Desktop\NTREGOPT.lnk
[2014/04/07 16:11:54 | 000,000,869 | ---- | M] () -- C:\Users\Stuart\Desktop\ERUNT.lnk
[2014/04/06 22:29:11 | 000,450,712 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140408-145723.backup
[2014/04/06 20:03:58 | 000,302,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/06 19:59:48 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Serif WebPlus Starter Edition.lnk
[2014/04/06 02:12:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/06 01:49:29 | 000,002,108 | ---- | M] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2014/04/06 01:49:29 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2014/04/05 23:21:36 | 000,000,590 | ---- | M] () -- C:\Users\Stuart\Desktop\Cumulus.lnk
[2014/04/05 18:26:38 | 000,001,228 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/04/05 18:25:51 | 000,201,800 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2014/04/05 18:25:39 | 000,001,212 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/04/05 18:25:29 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014/04/05 16:10:33 | 000,001,214 | ---- | M] () -- C:\Users\Stuart\Desktop\Chromecast.lnk
[2014/04/04 21:48:38 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/04 21:48:38 | 000,667,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/04 21:48:38 | 000,126,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/01 18:07:28 | 000,001,226 | ---- | M] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2014/04/01 18:07:28 | 000,001,204 | ---- | M] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk
[2014/04/01 00:44:11 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/01 00:37:25 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/04/01 00:36:24 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/04/01 00:36:20 | 000,445,304 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/04/01 00:31:52 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/01 00:31:52 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/01 00:31:52 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/01 00:31:52 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/01 00:31:52 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/01 00:31:52 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/01 00:31:52 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/01 00:31:52 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/01 00:31:51 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/31 20:23:36 | 000,007,597 | ---- | M] () -- C:\Users\Stuart\AppData\Local\Resmon.ResmonCfg
[2014/03/30 15:06:05 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\Learning Lodge™.lnk
[2014/03/30 14:55:35 | 000,049,952 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/03/12 23:09:03 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/12 21:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumdfb9.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumdfb9.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumdfb11.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumdfb11.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumdfb10.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumdfb10.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumd9.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd9.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumd11.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd11.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumd10.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd10.dll
[2014/03/11 23:01:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2014/03/11 21:41:03 | 000,002,433 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2014/03/11 20:04:19 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/11 20:04:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\
[2014/04/09 20:47:19 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/08 14:53:29 | 000,001,355 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/04/08 14:53:29 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/04/08 14:45:40 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/04/08 13:06:28 | 000,000,766 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/04/08 11:53:44 | 001,426,178 | ---- | C] () -- C:\Users\Stuart\Desktop\AdwCleaner.exe
[2014/04/07 18:12:04 | 000,001,736 | ---- | C] () -- C:\Users\Stuart\Desktop\license.avastlic
[2014/04/07 16:42:25 | 000,004,249 | ---- | C] () -- C:\Users\Stuart\Desktop\attach.zip
[2014/04/07 16:11:54 | 000,000,888 | ---- | C] () -- C:\Users\Stuart\Desktop\NTREGOPT.lnk
[2014/04/07 16:11:54 | 000,000,869 | ---- | C] () -- C:\Users\Stuart\Desktop\ERUNT.lnk
[2014/04/06 19:59:48 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Serif WebPlus Starter Edition.lnk
[2014/04/06 19:59:47 | 000,002,489 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif WebPlus Starter Edition.lnk
[2014/04/06 01:49:29 | 000,002,108 | ---- | C] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2014/04/06 01:49:29 | 000,002,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2014/04/06 01:49:29 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2014/04/05 23:21:36 | 000,000,590 | ---- | C] () -- C:\Users\Stuart\Desktop\Cumulus.lnk
[2014/04/05 18:26:38 | 000,001,228 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/04/05 18:25:39 | 000,001,212 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/04/05 16:10:33 | 000,001,214 | ---- | C] () -- C:\Users\Stuart\Desktop\Chromecast.lnk
[2014/04/01 18:07:28 | 000,001,226 | ---- | C] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2014/04/01 18:07:28 | 000,001,204 | ---- | C] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk
[2014/04/01 00:37:25 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/04/01 00:31:56 | 000,208,928 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/01 00:31:56 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/31 20:23:36 | 000,007,597 | ---- | C] () -- C:\Users\Stuart\AppData\Local\Resmon.ResmonCfg
[2014/03/31 12:00:41 | 000,002,243 | ---- | C] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/31 12:00:41 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/31 11:56:38 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/30 15:06:05 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\Learning Lodge™.lnk
[2014/03/12 23:09:03 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/12 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumdfb9.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumdfb9.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumdfb11.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumdfb11.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumdfb10.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumdfb10.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd9.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd11.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2014/03/12 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd10.dll
[2014/03/11 23:01:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2014/03/11 21:41:03 | 000,002,433 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2014/02/07 20:30:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/31 16:00:39 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/07/27 13:25:25 | 000,000,114 | ---- | C] () -- C:\Users\Stuart\AppData\Roaming\WB.CFG
[2013/06/14 17:25:10 | 000,000,005 | ---- | C] () -- C:\Users\Stuart\AppData\Roaming\WBPU-TTL.DAT
[2013/04/05 21:57:18 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2013/04/05 21:57:18 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/04/05 21:57:18 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/12 18:10:56 | 000,000,024 | ---- | C] () -- C:\Users\Stuart\jagexappletviewer.preferences
[2012/06/12 17:48:19 | 000,000,046 | ---- | C] () -- C:\Users\Stuart\jagex_cl_runescape_LIVE1.dat
[2012/06/12 17:44:56 | 000,000,045 | ---- | C] () -- C:\Users\Stuart\jagex_cl_runescape_LIVE.dat
[2012/06/12 17:44:56 | 000,000,024 | ---- | C] () -- C:\Users\Stuart\random.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/03/12 18:30:12 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2014/03/12 18:30:12 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2014/01/02 23:15:16 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\.minecraft
[2013/10/08 16:54:21 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Afreet
[2014/04/01 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\AVAST Software
[2012/02/25 18:03:54 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Blio
[2012/12/04 19:13:27 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Canon
[2012/12/15 20:43:04 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Firefly Studios
[2012/02/23 23:34:27 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Firetrust
[2013/07/14 21:44:42 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\FMRTE13
[2014/04/09 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\MailWasherFree
[2014/04/01 18:29:22 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Netgear Live Parental Controls
[2013/04/21 23:19:49 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\ooVoo Details
[2013/09/25 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\OpenOffice
[2012/02/24 23:29:20 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\OpenOffice.org
[2012/05/05 22:12:06 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Opera
[2013/11/17 18:06:28 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Opera Software
[2013/10/28 18:50:07 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\PandoraRecovery
[2013/12/31 16:01:25 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Photobucket
[2014/03/31 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\QuickScan
[2014/04/06 20:27:37 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Serif
[2013/06/19 22:19:18 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Simon Brown, HB9DRV
[2013/05/16 16:35:02 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Sony
[2013/05/26 14:57:51 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Sports Interactive
[2012/02/23 19:16:33 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Synaptics
[2014/02/01 13:59:17 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\TuneUp Software
[2013/05/04 14:28:20 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Unity
[2012/11/25 22:21:27 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Wargaming.net
[2012/02/27 01:46:24 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Windows Live Writer
[2014/04/01 18:05:57 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Xirrus
[2013/06/16 22:39:28 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\_MDLogs

========== Purity Check ==========

< End of report >

Widdy1961

2014-04-09, 23:24

OTL Extras logfile created on: 09/04/2014 21:08:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stuart\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 3.41 Gb Available Physical Memory | 57.27% Memory free
11.90 Gb Paging File | 8.91 Gb Available in Paging File | 74.89% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.77 Gb Total Space | 354.11 Gb Free Space | 80.16% Space Free | Partition Type: NTFS
Drive D: | 19.83 Gb Total Space | 2.12 Gb Free Space | 10.67% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.06 Gb Free Space | 26.84% Space Free | Partition Type: FAT32

Computer Name: STUART-HP | User Name: Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1422417421-3215548618-2191395246-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8ED4E038-9133-43F0-A9D2-A87D1D9C4DE0}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{B78E751E-D711-4975-A290-EB1795DF7954}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{ECD22487-A7D3-48B0-A0BF-89122761F53E}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{F6F86C25-EC97-45AA-A6CE-1D7AD090855D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1048C593-AB7D-4C60-AC77-69712296E52B}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe |
"{1F95B4E7-A1B3-4AE5-A8F3-87B630E03BAE}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{2AAB2422-EC56-432C-AF2D-ECB565B6DEA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{5574CD6B-6180-4280-9B14-6356CE94953F}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{B86E4F7D-6359-4664-ADE9-0BD632C05E56}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D4C93632-23CC-404B-88E0-028581F954AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{F2BFFF5E-6AE6-4292-9037-CECC3C78C468}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{2FCAA951-F0C0-4C35-9FED-94A6EEC2D583}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{699AC851-D4CD-4C5F-A7E2-10C0C37C07D5}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{BC0DF553-ACBE-41E6-AC62-966A6D729019}C:\program files (x86)\k1rfd\echolink\echolink.exe" = protocol=6 | dir=in | app=c:\program files (x86)\k1rfd\echolink\echolink.exe |
"TCP Query User{C3A7EC5A-21DD-4CEC-B5E6-8162B4B57F9D}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{D62DB9F4-80E6-4179-AE99-44E90F2E7AE6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{38925BEE-C3A2-4D62-957F-167E3C261242}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{48C710E0-0580-4C35-85CD-E1BF7A7E1207}C:\program files (x86)\k1rfd\echolink\echolink.exe" = protocol=17 | dir=in | app=c:\program files (x86)\k1rfd\echolink\echolink.exe |
"UDP Query User{7841AB55-EDA7-4EDF-BD12-3A91BA24FCD5}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{900C24AA-F041-435E-A76C-3AC4961D749A}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{E97A8D7E-9DF2-46BC-A6C5-F40F2F5B0C5C}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series" = Canon MG2100 series MP Drivers
"{13416834-B10B-4DD4-8213-C8D66A157D7E}_is1" = FMRTE 13.3.3.62
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{562608FE-2051-4488-BF22-8CE4C03046AC}" = HP Security Assistant
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CC96C348-0110-48DD-AE5D-5302BBE2A47D}" = DisplayLink Core Software
"{CE0A36B2-BF28-48D5-81AF-279CEABD0E5F}" = HP USB Docking Video
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"CCleaner" = CCleaner
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00107ED7-7DB8-47CD-A50F-E2422D13298F}" = Serif WebPlus Starter Edition 3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{387B63A5-5016-1015-B06B-A9A1030E3125}" = Intel(R) Identity Protection Technology 1.2.22.0
"{3D5C7E0E-AEC0-40EB-99D3-C40469738040}" = HP Documentation
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{4741965C-AFD0-4D00-81D1-1039F96D4DC3}" = HP SimplePass PE 2011
"{49D147A9-2793-4F75-A8EA-92D7D6A3A8AF}" = LeapFrog MyOwnLeaptop Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}" = Driver Detective
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}" = SW.Sustainer 1.80
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6313BCDF-1109-4682-A19D-413189817787}" = HP Port Replicator Software Installer
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88359341-883A-4BFF-A201-BF531AD9D235}" = Print To Go 2.0
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{98813202-6C6E-4ABE-A128-6E8FB3368BE0}" = Photobucket Backup
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{BBB21AB1-2C45-435D-A05A-B563072E7B9B}" = Xirrus Wi-Fi Inspector
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DC33421C-0E1C-470A-BE37-7B7C82677812}" = EchoLink
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE431304-8040-43D4-8419-A58E210A3894}" = RealDownloader
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E121A4FE-009B-385B-BB0D-B934E2A88288}" = Google Talk Plugin
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E827774B-6759-4E45-A804-2535CD8F8238}" = QslDesignAndPrint
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9233F02-5617-4BDC-8EC6-4B798EDFE6F4}" = LeapFrog Connect
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avast" = avast! Internet Security
"Belarc Advisor" = Belarc Advisor 8.4
"Canon MG2100 series On-screen Manual" = Canon MG2100 series On-screen Manual
"Canon MG2100 series User Registration" = Canon MG2100 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Cumulus_is1" = Cumulus 1.9.4
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"iCare Data Recovery Free_is1" = iCare Data Recovery Free 5.2.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LeaptopPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
"MailWasher Free_is1" = MailWasher Free 6.5.4
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NETGEAR Live Parental Controls Management Utility" = NETGEAR Live Parental Controls Management Utility 2.1.5
"Opera 11.64.1403" = Opera 11.64
"Opera 18.0.1284.49" = Opera Stable 18.0.1284.49
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Picasa 3" = Picasa 3
"Print_To_Go" = Print To Go 2.0
"RealPlayer 17.0" = RealPlayer Cloud
"Steam App 207890" = Football Manager 2013
"Steam App 71270" = Football Manager 2012
"UPCShell" = LeapFrog Connect
"VIP Access SDK" = VIP Access SDK (1.1.0.4)
"VTechDownloadManager" = Learning Lodge™
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1422417421-3215548618-2191395246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1" = ChromecastApp
"Google+ Auto Backup" = Google+ Auto Backup
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 24/02/2012 17:35:00 | Computer Name = Stuart-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 24/02/2012 17:39:46 | Computer Name = Stuart-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/05/2012 18:54:13 | Computer Name = Stuart-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 19/05/2012 14:45:02 | Computer Name = Stuart-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 26/05/2012 16:42:25 | Computer Name = Stuart-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 15/09/2012 19:35:06 | Computer Name = Stuart-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 13/04/2012 16:07:35 | Computer Name = Stuart-HP | Source = CaslWmi | ID = 5
Description = 2012/04/13 21:07:35.847|000015A8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 13/04/2012 16:07:40 | Computer Name = Stuart-HP | Source = CaslWmi | ID = 5
Description = 2012/04/13 21:07:40.125|00000B9C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 20/04/2012 16:05:18 | Computer Name = Stuart-HP | Source = CaslWmi | ID = 5
Description = 2012/04/20 21:05:18.410|000011DC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 20/04/2012 16:06:59 | Computer Name = Stuart-HP | Source = CaslWmi | ID = 5
Description = 2012/04/20 21:06:59.450|00001810|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 20/04/2012 16:07:02 | Computer Name = Stuart-HP | Source = CaslWmi | ID = 5
Description = 2012/04/20 21:07:02.628|00001904|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 20/04/2012 16:07:06 | Computer Name = Stuart-HP | Source = CaslWmi | ID = 5
Description = 2012/04/20 21:07:06.172|00001920|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 27/04/2012 15:51:47 | Computer Name = Stuart-HP | Source = CaslWmi | ID = 5
Description = 2012/04/27 20:51:47.485|000012C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 04/05/2012 15:47:30 | Computer Name = Stuart-HP | Source = CaslWmi | ID = 5
Description = 2012/05/04 20:47:30.217|00001AC0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 11/05/2012 15:44:15 | Computer Name = Stuart-HP | Source = CaslWmi | ID = 5
Description = 2012/05/11 20:44:15.207|000013FC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 11/05/2012 15:45:59 | Computer Name = Stuart-HP | Source = CaslWmi | ID = 5
Description = 2012/05/11 20:45:59.237|000011C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]
Error - 09/04/2014 14:47:16 | Computer Name = Stuart-HP | Source = DCOM | ID = 10010
Description =

< End of report >

ken545

2014-04-09, 23:42

Thanks for the logs, I am looking at just one entry related to your hosts file that is infected and we need to remove it

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
[2014/04/06 22:29:11 | 000,450,712 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140408-145723.backup

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Widdy1961

2014-04-10, 00:04

Here you go Ken

All processes killed
========== OTL ==========
C:\Windows\SysNative\drivers\etc\hosts.20140408-145723.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Stuart\Desktop\cmd.bat deleted successfully.
C:\Users\Stuart\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Administrator

User: All Users

User: AppData

User: Default

User: Default User

User: Guest

User: HomeGroupUser$

User: Mcx1-STUART-HP

User: Public

User: Stuart
->Java cache emptied: 10747525 bytes

Total Java Files Cleaned = 10.00 mb

[EMPTYTEMP]

User: Administrator

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: Mcx1-STUART-HP

User: Public

User: Stuart
->Temp folder emptied: 145085130 bytes
->Temporary Internet Files folder emptied: 12005548 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77112039 bytes
->Google Chrome cache emptied: 366462571 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1187 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36885153 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 412656 bytes
RecycleBin emptied: 1340237 bytes

Total Files Cleaned = 610.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04092014_215456

Files\Folders moved on Reboot...
C:\Users\Stuart\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Stuart\AppData\Local\Microsoft\Windows\Temporary Internet Files\45d9cd33-7e85-45e3-a273-1114fd90f129.jpg moved successfully.
C:\Users\Stuart\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545

2014-04-10, 00:30

:bigthumb:

How is your system behaving now ???

Widdy1961

2014-04-10, 00:41

It seems much faster and I am having none of the previous problems Ken.

You are a godsend my friend.......many many :thanks: for the help.

Stu :bigthumb:

ken545

2014-04-10, 00:44

Your more than welcome

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.

Malwarebytes is the free version and yours to keep and will not be removed

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Safe Surfn
Ken